The security protection of the Proxmox VE firewall can be further enhanced by configuring an intrusion detection and prevention system such as Suricata. It is a high-performing IDS/IPS engine that is able to protect a virtual machine by rejecting traffic that are possible intrusions. Currently, Snort and Suricata are two open source main stream IDS/IPS available among a few others. One of the primary advantages of Suricata is that it is multithreaded, whereas Snort is single-threaded. Suricata is under rapid deployment and gaining popularity fast in the security community.
By default, Suricata is not installed on a Proxmox node, it needs to be manually installed and configured. As for Proxmox VE 4.1, Suricata can only be used to protect a virtual machine, not any Proxmox host nodes.